Quiz | 1. | What is authentication? How is authentication performed with forms-based authentication? | | 2. | What three pieces of information do you need to provide when specifying an access right? | | 3. | Imagine that on a web page you wanted to show anonymous users the user interface for logging in to the site as well as for creating a new user account, whereas for logged-on users you simply wanted to display a Logout link. What Web controls would you use to accomplish this? | | 4. | What does the LoginName Web control do? | | 5. | True or False: It's possible to convert a hashed digest back into its original form. |
Answers | 1. | Authentication is the process of identifying a user. Forms-based authentication requires that the user provide her credentials through a Web Form. | | 2. | To create an access right, you need to specify the following: the folder, the user or role, and whether the right is to allow or deny access. | | 3. | Use the LoginView control. In the Anonymous Template view, add the Login and CreateUserWizard Web controls; in the Logged In Template view, add the LoginStatus control. Recall that the LoginStatus control displays a Login link for anonymous users and a Logoff link for authenticated users. Because the LoginView control's Logged In Template view is displayed only for authenticated users, the LoginStatus control will always show the Logoff link for an authenticated user. | | 4. | The LoginName Web control displays the logged-in user's name. If the current user is not logged in, it displays nothing. | | 5. | False. |
Exercises In Hour 16, "Deleting, Inserting, and Editing Data," we looked at displaying and editing the contents of the Books table through a GridView. If we were building a website to showcase our favorite books, we would want to make sure that only we could update the contents of the Books table, whereas other visitors could only view the results. For this exercise, create a website that supports user accounts and has an Administrator role defined. Next, add a folder named Admin to the website and then create two web pages: BookList.aspx, in the root folder; and Default.aspx, in the Admin folder. Have BookList.aspx list the contents of the Books table in a read-only GridView, with Admin/Default.aspx providing an editable GridView. Finally, configure the Admin folder to allow access only by those users who belong to the Administrator role. Repeat Exercise 1, but instead of having a separate Admin folder, have only one page, BookList.aspx, in the root folder. Add a LoginView control and add a GridView to both the Anonymous and Logged In Templates. Finally, configure the GridView in the Logged In Template to allow editing, while keeping the GridView in the Anonymous Template read-only. With this setup, any authenticated user can edit the contents of the Books table, but anonymous users will be presented with a read-only interface. Repeat Exercise 2, but this time instead of using two GridViews in a LoginView control, add just one GridView to the page. Configure the GridView to support editing. Next, turn the GridView's Edit, Update, Cancel column into a TemplateField through the Fields dialog box. This new TemplateField will have an ItemTemplate that contains a LinkButton with the text Edit and an EditItemTemplate with two LinkButtons: Update and Cancel. Add a LoginView control to this new TemplateField's ItemTemplate, leaving the Anonymous Template empty and placing the Edit LinkButton in the Logged In Template. When an anonymous user visits the website, the field that normally contains the Edit button will be blank; when an authenticated user visits, however, he'll see the Edit button, which he can click to edit the contents of the corresponding record in the Books table. (Both Exercises 2 and 3 allow any authenticated user to edit the Books table. You could restrict this functionality to users in the Administrator role by utilizing the LoginView's role-based features. For more information on customizing the LoginView control's output based on the user's role, refer to Part 2 of my article "Examining ASP.NET 2.0's Membership, Roles, and Profile," available online at http://aspnet.4guysfromrolla.com/articles/121405-1.aspx.)
|
